It is necessary to update the configuration of the tenant's SAML realm within the conf.json configuration file.
Edit the following file:
As antidot user
/usr/local/afs7/Fluid-Topics/conf/$TENANT_ID/conf.json
To meet the minimum requirements, it is necessary to add the following lines within the "ui" object:
"ui": {
  ...
  "authentication": {
    "realms": [
      {
        "name": "$SAML_NAME_EXAMPLE",
        "type": "saml2",
        "configuration": {
          "name": "$SAML_NAME_EXAMPLE",
          "keystoreFile": "saml/keystore.jks",
          "keystorePassword": "$KEYSTORE_PASSWORD",
          "privateKeyPassword": "$PRIVATE_KEY_PASSWORD",
          "entityId": "http://$HOSTNAME/$TENANT_ID/",
          "idpMetadataFile": "saml/idp_metadata.xml",
          "idPropertyKey": "$USER_ID",
          "mailPropertyKey": "$USER_MAIL",
          "namePropertyKey": "$USER_NAME",
          "maxAuthenticationLifetime": "$NUMERICAL_VALUE"
        }
      }
    ]
  }
  ...
},
Where:
keystoreFile: This parameter is mandatory. Example: saml/keystore.jks
entityId: This parameter is mandatory. Example: http://$HOSTNAME/$TENANT_ID/
idpMetadataFile: This parameter is mandatory. Example: saml/idp_metadata.xml
idPropertyKey: It may be replaced by the "idReaderFunction" parameter. See SAML Profile Retrieval. By default, if no idPropertyKey is used, the value is mapped to the nameId property of the SAML assertion. Any missing information (i.e. the other *PropertyKey attributes) is requested when the user tries to log in.
mailPropertyKey: It may be replaced by the "mailReaderFunction" parameter. See SAML Profile Retrieval.
namePropertyKey: It may be replaced by the "nameReaderFunction" parameter. See SAML Profile Retrieval.
maxAuthenticationLifetime: To prevent user sessions from timing out unexpectedly, use one of the recommended maxAuthenticationLifetime values.
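The following script is an added example, not part of the Fluid Topics product or its documentation. It builds the realm entry shown above, checks the minimum requirements the page states (keystoreFile, entityId and idpMetadataFile present, maxAuthenticationLifetime numerical), merges the entry into the "ui"."authentication"."realms" array of an existing conf.json without disturbing other "ui" settings, and writes the file back atomically while keeping its existing mode (the file holds keystore and private-key passwords). The function names, the environment variables used for secrets, and the sample values are assumptions; the recommended maxAuthenticationLifetime values are not given on this page, so the script only checks that the value is numeric.

```python
"""Add or refresh a SAML realm in a Fluid Topics tenant conf.json.

Added example, not the product's own code. Function names, environment
variables and sample values are assumptions made for this illustration.
"""
import json
import os
import tempfile
from pathlib import Path

# Keys the documentation marks as mandatory inside "configuration".
MANDATORY_KEYS = ("keystoreFile", "entityId", "idpMetadataFile")


def build_saml_realm(name, hostname, tenant_id, keystore_password,
                     private_key_password, max_auth_lifetime,
                     id_key="$USER_ID", mail_key="$USER_MAIL",
                     name_key="$USER_NAME"):
    """Return the realm entry from the documentation with the placeholders filled in."""
    return {
        "name": name,
        "type": "saml2",
        "configuration": {
            "name": name,
            "keystoreFile": "saml/keystore.jks",
            "keystorePassword": keystore_password,
            "privateKeyPassword": private_key_password,
            "entityId": f"http://{hostname}/{tenant_id}/",
            "idpMetadataFile": "saml/idp_metadata.xml",
            # idPropertyKey is optional: without it the nameId of the assertion is used.
            "idPropertyKey": id_key,
            "mailPropertyKey": mail_key,
            "namePropertyKey": name_key,
            "maxAuthenticationLifetime": str(max_auth_lifetime),
        },
    }


def validate_realm(realm):
    """Return a list of problems; an empty list means the minimum requirements are met."""
    problems = []
    if realm.get("type") != "saml2":
        problems.append("type must be saml2")
    if not realm.get("name"):
        problems.append("realm name is missing")
    cfg = realm.get("configuration") or {}
    for key in MANDATORY_KEYS:
        if not cfg.get(key):
            problems.append(f"{key} is mandatory")
    # The page requires a numerical value here; an unreplaced "$NUMERICAL_VALUE"
    # placeholder is caught by this check as well.
    lifetime = cfg.get("maxAuthenticationLifetime")
    if lifetime is None or not str(lifetime).isdigit():
        problems.append("maxAuthenticationLifetime must be a numerical value")
    return problems


def add_saml_realm(conf, realm):
    """Merge `realm` into conf["ui"]["authentication"]["realms"].

    A realm with the same name is replaced, so re-running the script is safe.
    Other keys under "ui" are left untouched.
    """
    problems = validate_realm(realm)
    if problems:
        raise ValueError("; ".join(problems))
    realms = (conf.setdefault("ui", {})
                  .setdefault("authentication", {})
                  .setdefault("realms", []))
    realms[:] = [r for r in realms if r.get("name") != realm["name"]]
    realms.append(realm)
    return conf


def update_conf_file(conf_path, realm):
    """Read conf.json, merge the realm and write it back atomically, keeping the
    original file mode so the secrets in it are not exposed more widely."""
    conf_path = Path(conf_path)
    conf = json.loads(conf_path.read_text(encoding="utf-8"))
    add_saml_realm(conf, realm)
    mode = conf_path.stat().st_mode & 0o777
    fd, tmp = tempfile.mkstemp(dir=conf_path.parent, prefix="conf.json.")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(conf, fh, indent=2)
        fh.write("\n")
    os.chmod(tmp, mode)
    os.replace(tmp, conf_path)  # atomic swap: no half-written conf.json
    return conf


if __name__ == "__main__":
    import sys
    # Usage (as the antidot user):
    #   KEYSTORE_PASSWORD=... PRIVATE_KEY_PASSWORD=... MAX_AUTH_LIFETIME=... \
    #   python add_saml_realm.py /usr/local/afs7/Fluid-Topics/conf/$TENANT_ID/conf.json
    # Secrets come from the environment rather than the command line; the
    # realm name, hostname and tenant id below are constructed sample values.
    realm = build_saml_realm(
        "corp-saml", "docs.example.com", "tenant1",
        keystore_password=os.environ["KEYSTORE_PASSWORD"],
        private_key_password=os.environ["PRIVATE_KEY_PASSWORD"],
        max_auth_lifetime=os.environ["MAX_AUTH_LIFETIME"],
    )
    update_conf_file(sys.argv[1], realm)
```

Running the script twice against the same tenant leaves exactly one realm with that name in the array, and a realm missing any of the three mandatory keys, or carrying a non-numeric maxAuthenticationLifetime, is rejected before the file is touched.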